Protecting Email in the Cloud – Challenges and Solutions
Moving from a traditional on-site email server to a cloud-based solution is essential for businesses wishing to lower their costs of system management, IT resources and reducing the capital expenditures associated with an in-office mail server. The benefits of cloud-email and systems are evident: near 100% uptime, no software upgrades or maintenance tasks for administrators and the latest features and innovations seamlessly deployed into your accounts.
But simply moving your email data without a plan in place for securing it creates cybersecurity vulnerabilities. The very accessibility of cloud-based email makes it a tempting target for hackers. Traditional security approaches are not sufficient to protect cloud-based email. To make the cloud a safer place to store and collaborate, companies need to change their thinking about cyber security. Secure cloud based solutions exist, but as an adjunct to, rather than embedded within, existing cloud based application frameworks.
What measures can be taken to protect email in the cloud? Third party security solutions are generally the correct answer, but what criteria should you base your decisions on? What are some best practices to ensure the security of your email, and how should they be implemented? Choosing an email security solution can be a daunting task: there are many different products available. The best way to begin is to educate yourself on the risks inherent in cloud based storage, and their possible solutions.
The Threat of Attack is Real
Companies are under attack every day. The number of corporations negatively affected by some form of cyber attack is nearly 80% according to some sources,1 and over 90% of those attacks begin with an email. Corporate wide antivirus software, or powerful firewalls are essential for protecting what’s inside your network. But with most email shifting to the cloud, the only viable option is endpoint security.
Corporate IT has to protect phones, laptops, tablets and computers in geographically diverse places, and protecting the perimeter is just not sufficient. Any serious cloud based email security solution must provide the following to be worthy of serious consideration.
Protection Against Malware and Ransomware
No matter how malware, viruses, ransomware, or other threats enter your system, they must be quickly eradicated. Any serious provider of cloud based security must make malware detection and elimination a top priority for their clients. A big part of any malware defense is protection against so-called Zero Day Attacks.
A Zero Day Attack is one that takes advantage of a previously unknown security vulnerability. Such vulnerabilities are more common than one might think, and may take weeks or even months to be detected and eliminated. Often, by the time steps are taken to eliminate the threat, the vulnerability has already be exploited and the damage done.
Successful zero day attack prevention depends on the static analysis of hundreds of different file characteristics upon which a risk decision can be based – in other words, a prediction of vulnerability even before the vulnerability is actually exploited.
Ransomware is an insidious form of attack that each year results in the loss of more than a billion dollars to corporations. Six out of every ten virus payloads were ransomware in 2017, with companies being subjected to this form of attack every 40 seconds, on average.²
There are many varieties of ransomware – with the number increasing every day as the ingenuity of hackers rises to meet the challenge of a more sophisticated business community. No matter the version or iteration, all forms of ransomware follow the same basic pattern: An email is sent to an employee containing an attachment from a perceived trusted source. This attachment might look like a document, invoice, or other innocent business communication with a specific call to action.
However when the user clicks on the seemingly innocuous attachment their system (if vulnerable) is exploited with a virus that encrypts information on the local computer and even network shared drives. The user is then prompted with a dialog box or popup window informing them that their information is locked, and they must pay a ransom to regain access to it. There is usually a timeframe that the ransom must be paid with instructions on how to send the money to have your files redeemed.
Spam prevention and Quarantine
Beyond being a mere constant irritation that fills up mailboxes and distracts users from completing their daily tasks, spam can also be a security threat. Many spam emails contain malware, ransomware, or viruses, or are phishing attacks which will, if allowed to propagate on your network, bring business to a standstill and possibly be devastating to the corporate bottom line.
In a cloud-based spam filtering solution, spam is stopped before it reaches the corporate network.This keeps spam messages out of employee inboxes, which in turn denies possible malicious content the opportunity to spread across your network. A cloud-based anti-spam solution also has the benefit of being free of hardware costs and maintenance overhead, as well the costs of software. Such a cloud-based solution is an easily implemented and affordable way to ensure that your network remains free of spam and any email-borne threats it might contain.
Detection and Protection Against Spoofed Domain Names
Sometimes the simplest hacking technique results in the most damage. In a spoofing attack, the hacker deliberately replaces the domain name or email address in the sender or reply to address of an email. This is very commonly seen in spam messages, but is also a powerful technique in phishing emails. When a user sees a “trusted” sender for example, they are more likely to click a malicious link in the email.
Another form of spoofing is changing the domain name in an embedded link directly, swapping “paypal” with a final lowercase L to “paypaI” with a final uppercase I. This type of spoofing is very difficult to detect by eye, but detection software can very simply find such bogus links and warn the user when they are about to navigate to such a site.
Every day, there is an increasing number of phishing and spear fishing threats, which cause disruption and damaging loss of revenue to companies worldwide. These scams are crafted with the sole purpose of getting your employees to reveal passwords, security credentials, business secrets, and other information which would otherwise remain secure. So-called phishing scams are responsible for the vast majority of hacking attacks against corporations and individuals today.
The negative result on productivity and profitability cannot be understated. The costs of security breaches and the resulting loss of information can run into the millions, compromising or utterly destroying the reputation of your business, and undermining customer loyalty. Any cloud-based email security provider must help protect your organization from the rising threat of these attacks, so you can avoid the very real costs associated with the consequences of having of being unprotected.
Blocking of Malicious Attachments
Malicious email attachments are an incredibly dangerous threat to today’s business, and their use in email is on the rise. Such attachments are typically designed to look like documents, PDFs, audio or video, etc..
They are crafted specifically to fool the unsuspecting user into opening them, but once they are opened, they launch their destructive payload. The effects are varied, but always lethal: they may install viruses, kick off ransomware attacks, launch advanced persistent threats, or even lay low and prepare attacks against partner corporations.
In the case of Locky ransomware, for example, the ransom demand approach begins with an “invoice” in an email. When the invoice is opened, its content is obscured, and the user is directed to enable macros in order to unscramble it. Once macros are enabled, the payload goes to work, using AES encryption to lock down a wide variety of file types.
It is vitally important that administrative staff be able to obtain access to all messaging logs for email gateways, forwarding, backup, and outbound SMTP in order to ensure that these services are working as intended and / or debug message delivery issues.
The ability to log cloud based email events in real time allows you to see how your security provider is dealing with threats, and monitor the actual level of threat over time in order to tailor the system to your needs.
In fact, the ability to view logs is one of the capabilities of cloud based email that makes it so attractive to IT administrators. The ability to view this information in real time simply doesn’t exist in hosted solutions such as Office 365 and Gmail. Cloud based email logging and monitoring can be used to:
- Identify metrics and events to determine activities that need to be monitored. Not all events are equally important. Logging can help you determine those events that most impact the bottom line.
- Monitor response times and frequency of use to give employees a better user experience and get a more detailed picture of performance.
- Logging can be an invaluable tool during testing and troubleshooting, either in the implementation phase of migrating email to the cloud, or during downtime periods to determine the causes of failure.
The solution must be able to grow along with your needs as a corporation, and should have a tiered pricing model based on number of employees rather than on volume of email. The pricing should also be competitive, all other factors taken into consideration. Many security providers offer the same level of security, but the pricing among them is spread across the board. Some hide increased expense behind low “by volume” pricing that will cause costs to rise exponentially as the volume of email increases.
Your email servers may go offline for dozens of possible reasons, and when that happens, the email on them is inaccessible to users. Internet connection outages, server reboots, installation and configuration of software and patches, or even a complete catastrophic failure of mail servers must not be allowed to bring corporate communications to a standstill. There must be a disaster recovery plan in place that allows continued access to email in such an event. Part of that plan should be a backup service that allows access to email even when the servers are down.
In the best case, such systems do everything for you in the background. Automatic backups are taken of incoming email in the cloud. Failover in the event of an outage is therefore seamless. Users are typically given access to email via a web portal. When the server outage is resolved, all email queued by the backup system is copied back to them. The best solutions also have a long term storage window of up to 30 days, and allow unlimited storage of email and attachments during periods of downtime.
24/7 Knowledgeable Support
The best cloud based email security in the world is useless unless there is support available on an ongoing basis. Such support should be given by qualified individuals willing to work with you to resolve not only typical FAQ-based issues, but any specific one-off issues unique to your environment.
Advanced Threat Defense From DuoCircle Protects Against Email Based Threats.
DuoCircle Advanced Threat Defense pulls together all the tools your organization needs in a single integrated solution to protect and defend your employees from spam, malware, ransomware, phishing, and malicious attachments. Using an intelligent classification engine, we detect these threats in real-time and defend against them with the highest possible level of accuracy. Threats are stopped in their tracks before they can wreak havoc on your network.
Advanced Threat Defense from DuoCircle provides:
- Comprehensive Phishing Protection
- Multi-Layered Anti-Virus and Malware protection to help guard against zero-day attacks Spam protection that eliminates 99% of all incoming spam with a false positive rate of less than one in ten thousand.
- Unlimited inbound message volume, with tier-based pricing based on company size, rather than number of emails.
- Protection against domain name spoofing
- Blocking of malicious attachments.
- Real-time activity logs, with access to the email queue and time of click reporting
- Smart Adaptive Quarantine, which puts the burden of sorting spam messages on the sender rather than the recipient.
- A thirty day backup queue – 30 days of MX backup service included
- Chat, email and phone support is available 24/7